Ok hopefully this thread won't be too long else I really will be in trouble...

As you know I've been putting my pages together bit by bit but to be honest I've left the main security things out, not sure why exactly, probably because I've wanted to concentrate on learning the basics I guess - and I know some of you would probably argue these are the basics lol!!

Anyhow this is the stage I'm at now, various people have mentioned things like sql injection and hijacking etc etc.

Can you give tips on making my db secure;

Here are a few 'I think' are correct:

1. Use msql_real_escape_string whenever getting variables to a page??

2. Always validating anything the user enters!

Any more...?(and of course an explanation would be really helpful)